16-31 August 2015 Cyber Attacks Timeline

It’s time to close this Infosec August with the list of the main cyber attacks that occurred between the 16th and the 31st (Part I here).

Although in terms of mere numbers this fortnight has shown a decreasing trend, the chronicles report several remarkable events.

In particular, Web.com suffered the most important breach of this second half of August, which compromised 93,000 customer records. In the same period Malwarebytes unmasked two more massive malvertising campaigns, the largest of which, caused by an old acquaintance, AdSpirit.de, was able to distribute malware via MSN.com (in the other case, PlentyOfFish, a popular dating site, was equally abused to distribute malware). The chronicles also report another DDoS attack against GitHub.

The list of targeted attacks is similarly interesting: it includes Operation Watermain (a campaign targeting South East Asian nations), Blue Termite (against Japanese targets), a bogus domain masquerading as the Electronic Frontier Foundation, set up with the sole purpose of serving malware, and, last but not least, yet another campaign against Iranian dissidents.

And let’s close with a quick overview of hacktivism, whose most important event is the attack, carried out by the Anonymous collective, against the South African State Information Technology Agency.

As usual, scroll down the list to get an idea of this summer's cyber landscape, and remember to keep the level of attention very high. At the same time, if you want to get an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014 and now 2015 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).


| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 12/08/2015 | Anonymous | State Information Technology Agency http://sita.co.za | In the name of #OperationSA and #OpMonsanto, Anonymous hacks the South African government contractor State Information Technology Agency (sita.co.za) and leaks its entire database. | SQLi | Industry: Information Technology | H | ZA | https://www.hackread.com/opmonsanto-anonymous-hacks-south-african-govt/ |
| 2 | 12/08/2015 | ? | University of Michigan’s Facebook pages: Michigan Football, Michigan Basketball, Michigan Athletics | The University of Michigan’s most popular Facebook pages (Michigan Football, Michigan Basketball, and Michigan Athletics) are hacked by an unknown user who posts malicious messages. | Account Hijacking | Education | CC | US | http://socialmedia.umich.edu/blog/hacked/ |
| 3 | 13/08/2015 | ? | Web.com | The name, address, and credit card information of approximately 93,000 customers of Web.com, a popular US-based provider of Internet services to small businesses, is compromised due to a breach of one of the company's computer systems. | Unknown | Industry: Internet Services | CC | US | http://www.net-security.org/secworld.php?id=18783 |
| 4 | 15/08/2015 | Kelvinsecurity AKA KelvinSecTeam | Secretaría de Educación Pública http://www.sepdf.gob.mx | Kelvinsecurity AKA KelvinSecTeam hacks the website of the Mexican Public Education Registry (Secretaría de Educación Pública sepdf.gob.mx) and dumps 106 records with hashed passwords. | SQLi | Government | CC | MX | http://siph0n.net/exploits.php?id=4001 |
| 5 | 15/08/2015 | Cyber of Emotion (@Cyber_Emotion) | 24 Saudi Government Websites | A Saudi hacker going by the handle of Cyber of Emotion (@Cyber_Emotion) claims to have hacked more than 24 Saudi government websites. | Defacement | Government | CC | SA | http://www.databreaches.net/hacker-hits-24-sites-to-alert-govt/ |
| 6 | 16/08/2015 | RootDevilz, Jonturk75, Bozkurt97 | UNICEF India http://unicef.in | A group of Turkish hackers going by the online handles of RootDevilz, Jonturk75 and Bozkurt97 deface the official website of Unicef India (unicef.in) and post a message against China, US, UN, EU and Israel. | Defacement | Org: United Nations | H | IN | https://www.hackread.com/unicef-india-website-turkish-hackers/ |
| 7 | 17/08/2015 | ? | Totally Promotional http://www.totallypromotional.com | Totally Promotional, an internet seller of imprinted promotional products, notifies an undisclosed number of customers that attackers forced their way into its systems and gained access to some customer payment card data and other information. However, it appears that the breach did not directly involve Totally Promotional, but rather Casad Company Inc., which runs the website totallypromotional.com. | Unknown | Industry: Retail | CC | US | http://www.scmagazine.com/totally-promotional-attack-compromises-payment-cards-other-data/article/434514/ http://www.asicentral.com/news/newsletters/promogram/august-2015/casad-company-inc-suffers-data-breach/ |
| 8 | 17/08/2015 | NetPirates AKA @TheNetShip | The Hope Institute http://www.makehope.org/ | NetPirates AKA @TheNetShip hack The Hope Institute (makehope.org) and dump about 6000 usernames and hashed passwords (they claim to have retrieved an additional 5000 records). | SQLi | Org: education | CC | KR | http://siph0n.in/exploits.php?id=3990 |
| 9 | 18/08/2015 | CyberBerkut | Unso.in.ua, Dontsov-nic.org.ua, Pse3zub.org, Ps-shop.com.ua, Bilozerska.info, Banderivec.ho.ua | The Pro-Russia collective CyberBerkut takes down several Ukrainian sites. | DDoS | Org: Nationalism | H | UA | http://cyber-berkut.org/en/ |
| 10 | 18/08/2015 | ? | Tianwang (a rights and citizen journalism website) | Tianwang, a rights and citizen journalism website based in the southwestern Chinese province of Sichuan, says its operations have been paralyzed by an external attack. | Unknown | Org: Human Rights | CC | CN | http://www.rfa.org/english/news/china/rights-websites-hit-by-suspected-hacker-attack-great-firewall-blockade-08182015111603.html |
| 11 | 18/08/2015 | ? (hacker affiliated with Anonymous?) | Clayton Valley Charter High School | A hacker purportedly associated with the Anonymous collective claims to have hacked the Clayton Valley Charter High School and sends several internal documents via email. | Account Hijacking | Education | H | US | http://www.databreaches.net/ca-anonymous-responsible-for-clayton-valley-charter-high-computer-hack/ |
| 12 | 18/08/2015 | NetPirates AKA @TheNetShip | http://www.gohens.net | NetPirates AKA @TheNetShip hack gohens.net, an online forum, and dump 8,300+ usernames and hashed passwords. | SQLi | Online Forum | CC | US | http://siph0n.net/exploits.php?id=3995 |
| 13 | 19/08/2015 | @DadSecurity | http://www.mumsnet.com/ | An Internet troll with the nickname @DadSecurity takes down mumsnet.com and, not happy with the result, targets the portal's co-founder Justine Roberts in a 'swatting' attack. | DDoS | Org: Internet Services | CC | UK | http://www.independent.co.uk/news/uk/home-news/mumsnet-hack-founder-justine-roberts-targeted-in-swatting-attack-and-parenting-website-pushed-temporarily-offline-10461558.html |
| 14 | 19/08/2015 | EroiiKZz | http://forum.aiekillu.fr | A hacker dubbed EroiiKZz hacks forum.aiekillu.fr and dumps about 32,000 records. | SQLi | Online Forum | CC | FR | http://siph0n.net/exploits.php?id=4006 |
| 15 | 19/08/2015 | Kelvinsecurity AKA KelvinSecTeam | Instituto Venezolano de Investigaciones Científicas http://www.ivic.gob.ve | Kelvinsecurity AKA KelvinSecTeam hacks the website of the Venezuelan Institute for Scientific Research (Instituto Venezolano de Investigaciones Científicas ivic.gob.ve) and dumps 60 usernames and hashed passwords. | SQLi | Government | CC | VE | http://siph0n.net/exploits.php?id=3999 |
| 16 | 19/08/2015 | Israeli Ninja | NayaTel (Pvt) Ltd http://nayatel.com | A hacker dubbed Israeli Ninja hacks nayatel.com and dumps the entire database. | SQLi | Industry: ISP | CC | PK | http://siph0n.net/exploits.php?id=4002 |
| 17 | 20/08/2015 | ? | University of Rhode Island URI.edu | The University of Rhode Island (URI.edu) notifies former and current students of an incident involving the inappropriate collection, and possible use, of information related to some URI email accounts by an external individual. | Unknown | Education | CC | US | http://web.uri.edu/publicsafety/data-security-issue/ |
| 18 | 20/08/2015 | ? | PlentyOfFish http://www.pof.com | Malwarebytes detects a malvertising attack on popular dating site PlentyOfFish (POF), which draws over 3 million daily users. The ad network involved in the malvertising campaign is ad.360yield.com. | Malvertising | Dating | CC | US | https://blog.malwarebytes.org/malvertising-2/2015/08/malvertising-hits-online-dating-site-plentyoffish/ |
| 19 | 20/08/2015 | Clinkz48 | Karnataka State Higher Education Council http://kshec.ac.in | The website of the Karnataka State Higher Education Council (kshec.ac.in) is defaced by a group that calls itself Clinkz48. | Defacement | Education | CC | IN | http://timesofindia.indiatimes.com/city/bengaluru/Website-of-Karnataka-Higher-Education-Council-hacked/articleshow/48598086.cms? |
| 20 | 21/08/2015 | ? (China?) | >1 | FireEye unveils the details of Operation Watermain, a campaign targeting India and Southeast Asian nations in a bid to extract information about ongoing border disputes and other diplomatic issues. | Targeted Attack | Government | CE | >1 | http://www.zdnet.com/article/cyberattack-campaign-targets-india-sea-nations/ |
| 21 | 21/08/2015 | Blue Termite | >1 | Kaspersky Lab unveils the details of a new campaign, carried out by an advanced threat group called "Blue Termite", hacking high-end Japanese industries from within the country, using the leaked Adobe Flash vulnerabilities revealed in the Hacking Team data dump. | Targeted Attack | >1 | CE | >1 | http://www.theregister.co.uk/2015/08/21/forget_euro_bullet_proofing_japan_hacker_flaks_set_up_ccs_home/ |
| 22 | 21/08/2015 | Mr.Xpr! Iran Hack Security Team | Royal Saudi Air Force http://rsaf.gov.sa | Mr.Xpr!, an Iranian hacker from Iran Hack Security Team, defaces the official website of the Royal Saudi Air Force (http://rsaf.gov.sa). | Defacement | Military | CC | SA | https://www.hackread.com/saudi-airforce-hacked-iranian-hackers/ |
| 23 | 23/08/2015 | JM511 | https://www.autozonepro.com/ | JM511 hacks AutoZonePro.com and dumps 49,967 customers’ details: billing addresses (street and city), email addresses, hashed passwords, telephone numbers, customers’ cities, and dates of birth. The attacker claims to have obtained a total of 162,000+ records. | SQLi | Industry: E-Commerce | CC | UK | http://www.databreaches.net/50000-autozone-customers-data-hacked-exposed/ |
| 24 | 23/08/2015 | JM511 | University of California at Los Angeles http://www.ucla.edu | JM511 dumps some data from the University of California at Los Angeles (UCLA) after allegedly warning the university twice. The attacker also warns other universities of possible vulnerabilities, including Western Governor’s University in Utah, the University of Minnesota, DePaul University, and Northern Illinois University. | SQLi | Education | CC | US | http://www.databreaches.net/more-american-universities-hacked-by-jm511/ |
| 25 | 23/08/2015 | ? | Philippine Bureau of Customs http://customs.gov.ph | In the name of #OpCustoms, a group of hackers takes down the Philippine Bureau of Customs (customs.gov.ph). | DDoS | Government | H | PH | http://philippineitnewsandservices.blogspot.co.uk/2015/08/philippines-bureau-of-customs-dozed-by.html |
| 26 | 25/08/2015 | ? | Github | Code repository Github is the victim of a massive DDoS attack. The site is likely targeted because of software projects hosted on the site that have allowed Chinese Internet users to bypass the Great Firewall's packet filtering and inspection tools. | DDoS | Industry: Software | CC | US | https://threatpost.com/github-mitigates-ddos-attack/114403 |
| 27 | 25/08/2015 | AnonGrim AKA @An0nGrim | http://www.autobits.co.uk | AnonGrim AKA @An0nGrim hacks autobits.co.uk and dumps 4,771 records. | SQLi | Industry: E-Commerce | CC | UK | http://t.co/9Aoro2tQ04 |
| 28 | 26/08/2015 | Moroccanwolf | http://www.secamblive.nhs.uk | www.secamblive.nhs.uk, a UK National Health Service (NHS) site on which the organisation posts patients' stories describing their experience with illness, is defaced by Moroccanwolf, as an act of protest regarding western governments' lack of humanitarian actions in Syria. | Defacement | Healthcare | H | UK | http://www.theregister.co.uk/2015/08/26/nhs_site_defaced_with_screed_protesting_syrian_conflict/ |
| 29 | 27/08/2015 | ? (Russia?) | EFF (Electronic Frontier Foundation) | Google's security team identifies a new domain masquerading as an official EFF site as part of a targeted malware campaign linked to Operation Pawn Storm. The domain is electronicfrontierfoundation.org. | Targeted Attack | Single Individuals | CE | US | https://www.eff.org/deeplinks/2015/08/new-spear-phishing-campaign-pretends-be-eff |
| 30 | 27/08/2015 | ? | Iranian Dissidents | Researchers at Citizen Lab release a report describing a phishing campaign conducted against Iranian dissidents. | Targeted Attack | Single Individuals | CE | IR | http://www.scmagazine.com/citizen-lab-report-describes-phishing-campaign-against-iranian-dissidents/article/435241/ |
| 31 | 27/08/2015 | ? | MSN.com | Malwarebytes reveals that the same ad network, AdSpirit.de, which was recently abused in malicious advertising attacks against several top media sites, is caught serving malvertising on MSN.com. This is the work of the same threat actors that were behind the Yahoo! malvertising. | Malvertising | Industry: Internet Services | CC | US | https://blog.malwarebytes.org/malvertising-2/2015/08/angler-exploit-kit-strikes-on-msn-com-via-malvertising-campaign/ |
| 32 | 27/08/2015 | ? | http://www.mumsnet.com/ | Mumsnet is hit by a new wave of DDoS attacks. | DDoS | Org: Internet Services | CC | UK | http://www.scmagazineuk.com/mumsnet-hit-again-this-time-by-stronger-series-of-attacks/article/435099/ |
| 33 | 27/08/2015 | NetPirates AKA @TheNetShip | http://www.ecaytrade.com/ | NetPirates AKA @TheNetShip hack ecaytrade.com and dump about 50K usernames and hashed passwords. | SQLi | Internet Services | CC | KY | http://t.co/otfvqVjTmD |
| 34 | 27/08/2015 | ? | Utah Food Bank | Utah Food Bank notifies its donors of access to its website by an unauthorized individual who could have gained access to personal data of more than 10,000 donors. | Unknown | Org: Non-Profit | CC | US | http://www.databreaches.net/utah-food-bank-security-breach-exposed-thousands-of-donors-info-since-october-2013/ |
| 35 | 28/08/2015 | ? | Michigan Catholic Conference | The Michigan Catholic Conference notifies more than 10,000 employees that their personal information has been compromised by an unknown hacker who could also have obtained their personal information. | Unknown | Org: Non-Profit | CC | US | http://www.databreaches.net/michigans-catholic-workers-are-latest-cyber-victims/ |
| 36 | 31/08/2015 | ? | TransformPOS | Village Pizza & Pub, a local pizza chain headquartered in Elgin, Illinois, is the indirect victim of a security breach perpetrated against TransformPOS, the company that provides its POS payment card processing system. | Unknown | Industry: POS Equipment | CC | US | http://www.databreaches.net/il-village-pizza-pub-notifies-customers-of-data-security-breach-at-transformpos/ |
